Windows 10's Wi-Fi Sense feature shares your Wi-Fi network—but only if you tell it to

When Windows 10 releases this Wednesday, it’s going to launch with some nice conveniences. The Start Menu is back. Voice assistant Cortana is built into the OS. Programs that once ran full-screen can be windowed on the desktop. But one of Microsoft’s new conveniences, called Wi-Fi Sense, has some security-minded folks worried about the sanctity of their wireless networks.

When you install Windows 10, you might want to turn it off. Here’s why.

What is Wi-Fi Sense?

Essentially, Wi-Fi Sense allows you to automatically share your Wi-Fi network with Facebook friends and Outlook and Skype contacts; they never see the password itself, but are logged onto your network if you have sharing enabled. It’s also designed to help you automatically connect to “open Wi-Fi networks it knows about by crowdsourcing networks that other Windows Phone users have connected to” according to Microsoft’s old FAQ. Microsoft brought the feature over from Windows Phone. Obviously, in the case of Windows 10, this applies to laptops and tablets rather than phones.

Microsoft claims Wi-Fi Sense is actually a security perk, because “your contacts won't have access to other computers, devices, or files stored on your home network” and they won’t actually know your password; that information is “sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts' phone if they use Wi-Fi Sense and they're in range of the Wi-Fi network you shared.”

Why do people consider Wi-Fi Sense a security risk?

It sounds convenient, but critics disagree that it's a security perk, citing two major problems. First of all, even if those passwords are encrypted, they’re being stored in a Microsoft server that’s a potential target for hackers. If Rule 34 of the Internet is “There is porn of it, no exceptions,” then Rule 34, Article 2 should be “If it exists, it’s probably going to be hacked.” In this case, the worry is mostly lack of information: we don’t know anything about the type of encryption, or how long the data is stored, or what a hacker could get. Would the hacker then travel to high-profile targets, log onto that network, and poke around? It sounds possible, but unlikely.

Wi-Fi Sense

Image via Extreme Tech

The second major problem is that if you use Windows 10’s “Express” settings during installation, Wi-Fi Sense is enabled by default. It’s important to note that when you add a new Wi-Fi network in Windows 10, it asks if you want to share that network. Gizmodo claims that if you upgrade to Windows 10 from a previous installation (which helpfully saves all of your old Wi-Fi network passwords), Wi-Fi Sense sharing is enabled by default for all of those networks. I reached out to Microsoft to confirm, and they state the opposite; several commenters on Gizmodo also state that their saved networks were not automatically shared.

Here’s a statement from Microsoft:

“When you upgrade to Windows 10 from a previous version of Windows, your saved Wi-Fi networks are retained on your device, but they are not shared as part of Wi-Fi Sense. If you choose to, you can later explicitly share those networks if you have the password.”

For Wi-FI Sense to work, you do have to give it permission to share with your Facebook, Outlook or Skype contacts. But another issue is that you can’t pick and choose who you share with among those contact groups. It’s all of your Facebook contacts, or none of them. Considering most Facebook friends lists range from “close family” to “some guy you vaguely remember from second grade,” some more granularity there would be nice.

Can friends share my Wi-Fi network with their friends, and their friends' friends, and so on?

Not exactly. One other criticism of Wi-Fi Sense is that once you share Wi-Fi access with someone, they’re free to share that login with all of their contacts, and from there your network would spread across the social media web. That concern, at least, is unfounded, based on Wi-Fi Sense for Windows Phone.

Says Microsoft’s FAQ: “The networks you share aren't shared with your contacts' contacts. If your contacts want to share one of your networks with their contacts, they'd need to know your actual password and type it in to share the network.” The exception, of course, is that if you shared your actual password with a friend, they could then use Wi-Fi Sense to share login privileges with all of their contacts.

Wi-Fi Sense may not be the security risk that some critics fear, but it would still be wise to disable it during the Windows 10 setup process—at least until we know more about the security of Microsoft’s storage servers and distribution method.

To disable Wi-Fi Sense in Windows 10, open the Network settings menu, go to Manage Wi-Fi settings, and switch the “On” switch to “Off.”

When he's not 50 hours into a JRPG or an opaque ASCII roguelike, Wes is probably playing the hottest games of three years ago. He oversees features, seeking out personal stories from PC gaming's niche communities. 50% pizza by volume.